UA EN RU
All topics
Topics
UA EN RU
Last news
Financial Times: Ukraine investigates leak of mineral contract with the USA, officials to be polygraphed today, 16:45
Be Afraid to Say: Zelensky Criticizes the US for Its Response to the Attack on Kryvyi Rih today, 16:00
The Telegraph learned who could become the main negotiator with Putin from Europe today, 14:30
The most popular military specialties identified in recruitment centers today, 13:45
High-Precision Lies: Russia Made a Cynical Statement About the Missile Strike on Kryvyi Rih today, 12:15
In Russia, drones destroyed a 'unique' defense plant for fiber optic production today, 11:30
The State Emergency Service reported on the scale of demining since the beginning of the war today, 03:22
Not doomed: NATO General assesses the situation on the front in Ukraine today, 01:34
NBU has recorded the strengthening of the hryvnia: what is happening with the dollar exchange rate yesterday, 22:35
Zelensky spoke about the conditions of negotiations with the Russian Federation and the placement of Western military contingents yesterday, 22:07
We are tripling military assistance': Norway approved a historic aid package for Ukraine yesterday, 18:29
Russia has doubled the number of drone strikes on Ukraine since the start of 'peace negotiations' yesterday, 16:45
Rubio: Russia has weeks to demonstrate readiness for peace in Ukraine yesterday, 16:27
Russia has lost nearly 10% of its strategic Tu-22M bombers yesterday, 15:50
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 750
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 750
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
The image shows a polygraph machine
Financial Times: Ukraine investigates leak of mineral contract with the USA, officials to be polygraphed
today, 16:45 104
Zelensky criticizes the US for its response
Be Afraid to Say: Zelensky Criticizes the US for Its Response to the Attack on Kryvyi Rih
today, 16:00 98
European negotiator with Putin
The Telegraph learned who could become the main negotiator with Putin from Europe
today, 14:30 118
The most popular military specialties
The most popular military specialties identified in recruitment centers
today, 13:45 122
Russia's Missile Strike on Kryvyi Rih
High-Precision Lies: Russia Made a Cynical Statement About the Missile Strike on Kryvyi Rih
today, 12:15 130
Damaged factory in Russia
In Russia, drones destroyed a 'unique' defense plant for fiber optic production
today, 11:30 146

Advertising